Changeset

--- a/core/certmanager.lua	Fri Nov 03 23:08:07 2023 +0100
+++ b/core/certmanager.lua	Sat Nov 04 15:59:51 2023 +0100
@@ -369,7 +369,13 @@
 	if tls.features.options.no_compression then
 		core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 	end
-	core_defaults.dane = configmanager.get("*", "use_dane") or false;
+	if not configmanager.get("*", "use_dane") then
+		core_defaults.dane = false;
+	elseif tls.features.capabilities.dane then
+		core_defaults.dane = { "no_ee_namechecks" };
+	else
+		core_defaults.dane = true;
+	end
 	cert_index = index_certs(resolve_path(config_path, global_certificates));
 end